This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.

Hi,
I am trying to give GET access to to few URIs with 'permitAll' but this doesn't work when I disable 'anonymous' authentication. I am using spring-security 3.1.To make it clear below config works:
<security:anonymous enabled="true"/>....
<security:intercept-url pattern="/service/abc/**" access="permitAll" method="GET"/>
<security:intercept-url pattern="/**" access="isFullyAuthenticated()" />

I can access ../service/abc/* (GET req) without Login into application.

However when I change to <security:anonymous enabled="false"/>....
I always get redirected to login page for ../service/abc/* (GET req) .
Could someone please help and guide if I am missing something.

To add further, I need to disable anonymous authentication so that I can use spring-secuirty-oauth for facebook login.